This notice sets out how we will use your personal data, and your rights. It is made under Articles 13 and/or 14 of the General Data Protection Regulation (GDPR).
The purposes for which we are processing your personal data are to allow members of the public to contact us through our contact form, and to collect analytics about how our website is used (to help us monitor engagement and improve the site).
We will process the following personal data:
The nature of your comment or query
Web analytics about your use of our website
Legal basis of processing
For web analytics delivered via non-essential cookies:
For all other data:
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In this case that is the operation and activities of the Intelligence and Security Committee.
Sensitive personal data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We may collect sensitive personal data or data about criminal convictions through our website if an individual chooses to contact us, but if such information is volunteered to us the legal basis for processing that sensitive personal data is:
– processing is necessary for reasons of substantial public interest for the exercise of a function of the Crown, a Minister of the Crown, or a government department; the exercise of a function conferred on a person by an enactment; or the exercise of a function of either House of Parliament. In this case that is receiving comments and queries about the work of the Intelligence and Security Committee.
Your personal data will be shared by us with our IT suppliers who provide website, analytics and web-hosting services. As your personal data will be stored on our IT infrastructure it will also be shared with our data processors who provide email, and document management and storage services.
Incoming messages are kept on a short-term basis for the purposes of drafting a response to a comment or query.
Outgoing messages are kept for reference and will be retained by the Office of The Intelligence and Security Committee for three years. If the message is considered to be part of the ‘public record’ then it will have to be kept indefinitely.
Where personal data has not been obtained from you
Your personal data was obtained by us from another user sending us a question or comment through our contact form.
- You have the right to request information about how your personal data is processed, and to request a copy of that personal data.
- You have the right to request that any inaccuracies in your personal data are rectified without delay.
- You have the right to request that any incomplete personal data are completed, including by means of a supplementary statement.
- You may have the right to request that your personal data are erased if there is no longer a justification for them to be processed.
- You have the right in certain circumstances (for example, where accuracy is contested) to request that the processing of your personal data is restricted.
- You have the right to object to the processing of your personal data.
Web analytics data
- You have the right to withdraw consent to the processing of your personal data at any time.
- You have the right to request a copy of any personal data you have provided, and for this to be provided in a structured, commonly used and machine-readable format.
In both cases we may need further information from you to identify your data.
As your personal data is stored on our IT infrastructure, and shared with our data processors, it may be transferred and stored securely outside the UK. Where that is the case it will be subject to equivalent legal protection through the use of Model Contract Clauses or an adequacy decision.
The data controller for your personal data is the Cabinet Office. The contact details for the data controller are:
Tel: 0207 276 1234
The contact details for the data controller’s Data Protection Officer are:
Data Protection Officer,
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
If you consider that your personal data has been misused or mishandled, you may make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
Information Commissioner’s Office,
Tel: 0303 123 1113
Any complaint to the Information Commissioner is without prejudice to your right to seek redress through the courts.